Git Extension Vulnerability in JupyterLab by Project Jupyter
CVE-2026-54528
7.1HIGH
What is CVE-2026-54528?
The JupyterLab Git extension previously exhibited a vulnerability that allowed authenticated users on case-insensitive filesystems to bypass excluded path restrictions. Specifically, the use of fnmatch.fnmatchcase() in handling excluded paths permitted attackers to manipulate URL path casing, enabling the reading of directories that should have been protected. This issue has been resolved in the 0.54.0 release of the extension, reinforcing access controls.
Affected Version(s)
jupyterlab-git < 0.54.0
